Amendments to the Claims

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of claims 

1. (previously presented) A system comprising a trusted computing platform and one or more
logically protected computing environments, each of which is associated with at least one service 
or process supported by said system, the system being arranged to load an operating system into 
said trusted computing platform and thereafter to load onto said trusted computing platform data 
defining a predetermined security policy defining security attributes to be applied to one or more 
of the at least one service or process when said service or process is started. 

2. (original) A system according to claim 1 wherein the policy included one or more security 
rules for controlling operation of logically protected computing environments. 

3. (previously presented) A system according to claim 2 wherein at least one of the one or more 
security rules is for at least one of the logically protected environments and includes an 
execution control rule which defines the security attributes. 

4. (original) A system according to claim 3, wherein said security attributes include or comprise 
one or more capabilities to be provided to the respective logically protected computing 
environment when said service or process is started. 

5. (original) A system according to claim 3, wherein said security attributes include or comprise 
one or more functions which change or modify the capabilities of the respective logically 
protected computing environment when said service or process is started. 

6. (previously presented) A system according to claim 3, wherein when a service or process is 
started said security attribute operates to cause the service or process to be placed and run in a 
specified logically protected computing environment. 

7. (original) A system according to claim 3, wherein said security attributes operate to modify a
user id, a group id or a logically protected computing environment in which a service or process 
is to be run. 



8. (currently amended) A system according to claim 3, wherein said security attributes operate to 
the service or process . 

9. (original) A system according to claim 5, wherein said execution control rule can raise or 
lower a specified capability. 

10. (original) A system according to claim 5, wherein the security attributes operate to filter a set 
of capabilities of a logically protected computing environment and modifying only one or more 
of said capabilities as selected by said filtering means. 

11. (previously presented) A system according to claim 3, wherein said execution control rule 
specifies the service or process to which it applies by identifying the associated logically 
protected computing environment, with the effect that said rule applies only to services or 
processes specifying that logically protected computing environment. 

12. (previously presented) A system according to claim 3, wherein the files making up a service 
or process to which said execution control rule applies are of read-only configuration. 

13. (previously presented) A system according to claim 3, including means for monitoring 
operations performed by the system which modify names of files making up services or 
programs to which said execution control rule applies. 



Claim 14. Canceled. 

15. (original) A method of applying a security policy in a system including a trusted computing
platform and one or more logically protected computing environments, each of which is 
associated with at least one service or process supported by said system, the method including 
the steps of loading an operating system into said trusted computing platform; after loading the 
operating system, starting a service or process associated with at least one of the logically 
protected computing environments; and controlling the operation of the at least one logically 
protected environment by applying, upon starting of the service or process, security attributes to 
the service or process. 

16. (original) A method according to claim 15 wherein the attributes are defined by execution 
control rules, which are included in security rules implementing at least part of the policy. 

Claim 17. Canceled. 

***** 